Submit #624842: Campcodes Online Hotel Reservation System V1.0 Stored XSS

Title: Campcodes Online Hotel Reservation System V1.0 Stored XSS

Description:

Root Cause
The server fails to escape user input before rendering it to the browser, omitting the use of functions like htmlspecialchars(). As a result, HTML/JavaScript code submitted by users is interpreted and executed by the browser.

Impact
An attacker can execute arbitrary scripts, leading to:
- Allows attackers to inject JavaScript via chat messages
- Steal session cookies or authentication data
- Hijack user sessions or simulate user actions, etc.

DESCRIPTION
Online Hotel Reservation System: when adding a user from the /admin/account.php file, the application calls the /admin/add_account.php file and then the /admin/add_query_account.php file. After the form is submitted, the submitted data is processed by add_query_account.php without any filtering. An attacker can inject malicious HTML or JavaScript content, which will execute in other users' browsers when they view the page, resulting in a Cross-Site Scripting (XSS) attack. chat_msg, your_name.
Source: https://github.com/XiaoJiesecqwq/sql/issues/3
User: Anonymous User
Submission: 29.07.2025 16:02 (11 months ago)
Moderation: 30.07.2025 19:54 (1 day later)
Status: Accepted
VulDB Entry: 318358 [Campcodes Online Hotel Reservation System 1.0 add_query_account.php Name Cross Site Scripting]
Points: 20
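
The root cause named in the description, shown as an added example that is not the application's own code: a stored account field rendered without and with htmlspecialchars(), plus validation at write time. The function names, the `name`/`username` keys, the validation rule and the sample row are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a stored value for HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Pattern the report describes: stored input echoed back verbatim.
function render_row_unescaped(array $row): string
{
    return '<tr><td>' . $row['name'] . '</td><td>' . $row['username'] . '</td></tr>';
}

// Corrected form: every stored field is encoded at the point of output.
function render_row_escaped(array $row): string
{
    return '<tr><td title="' . e($row['name']) . '">' . e($row['name'])
        . '</td><td>' . e($row['username']) . '</td></tr>';
}

// Assumed write-time rule: letters, digits, space and . ' - only, 1 to 64 chars.
// This narrows what gets stored; it does not replace output encoding.
function is_valid_name(string $name): bool
{
    return preg_match("/^[\\p{L}\\p{M}\\p{N} .'-]{1,64}$/u", $name) === 1;
}

// Constructed sample row, as it would come back after an unfiltered insert.
$row = ['name' => '"><script>alert(1)</script>', 'username' => 'frontdesk'];

$unsafe = render_row_unescaped($row);
$safe   = render_row_escaped($row);

// Compare the two renderings and the write-time check on the same value.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
var_dump(is_valid_name($row['name']));
echo $safe, PHP_EOL;
```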
